linux/fs/xfs
Qian Cai 4982bff1ac xfs: fix an undefined behaviour in _da3_path_shift
In xfs_da3_path_shift() "blk" can be assigned to state->path.blk[-1] if
state->path.active is 1 (which is a valid state) when it tries to add an
entry to a single dir leaf block and then to shift forward to see if
there's a sibling block that would be a better place to put the new
entry. This causes a UBSAN warning given negative array indices are
undefined behavior in C. In practice the warning is entirely harmless
given that "blk" is never dereferenced in this case, but it is still
better to fix up the warning and slightly improve the code.

 UBSAN: Undefined behaviour in fs/xfs/libxfs/xfs_da_btree.c:1989:14
 index -1 is out of range for type 'xfs_da_state_blk_t [5]'
 Call trace:
  dump_backtrace+0x0/0x2c8
  show_stack+0x20/0x2c
  dump_stack+0xe8/0x150
  __ubsan_handle_out_of_bounds+0xe4/0xfc
  xfs_da3_path_shift+0x860/0x86c [xfs]
  xfs_da3_node_lookup_int+0x7c8/0x934 [xfs]
  xfs_dir2_node_addname+0x2c8/0xcd0 [xfs]
  xfs_dir_createname+0x348/0x38c [xfs]
  xfs_create+0x6b0/0x8b4 [xfs]
  xfs_generic_create+0x12c/0x1f8 [xfs]
  xfs_vn_mknod+0x3c/0x4c [xfs]
  xfs_vn_create+0x34/0x44 [xfs]
  do_last+0xd4c/0x10c8
  path_openat+0xbc/0x2f4
  do_filp_open+0x74/0xf4
  do_sys_openat2+0x98/0x180
  __arm64_sys_openat+0xf8/0x170
  do_el0_svc+0x170/0x240
  el0_sync_handler+0x150/0x250
  el0_sync+0x164/0x180

Suggested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Qian Cai <cai@lca.pw>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2020-03-02 20:55:51 -08:00
libxfs xfs: fix an undefined behaviour in _da3_path_shift 2020-03-02 20:55:51 -08:00
scrub (More) new code for 5.6: 2020-02-06 07:58:38 +00:00
Kconfig
kmem.c xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
kmem.h xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
Makefile xfs: remove the now unused dir ops infrastructure 2019-11-10 16:54:24 -08:00
mrlock.h
xfs_acl.c xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_acl.h
xfs_aops.c xfs: ratelimit xfs_discard_page messages 2020-03-02 20:55:51 -08:00
xfs_aops.h xfs: add a xfs_inode_buftarg helper 2019-10-28 08:37:54 -07:00
xfs_attr_inactive.c xfs: make xfs_trans_get_buf return an error code 2020-01-26 14:32:26 -08:00
xfs_attr_list.c xfs: split xfs_da3_node_read 2019-11-22 08:17:10 -08:00
xfs_bio_io.c xfs: chain bios the right way around in xfs_rw_bdev 2019-07-10 10:04:16 -07:00
xfs_bmap_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_bmap_item.h xfs: merge xfs_bud_init into xfs_trans_get_bud 2019-06-28 19:27:36 -07:00
xfs_bmap_util.c xfs: stabilize insert range start boundary to avoid COW writeback race 2019-12-11 13:18:42 -08:00
xfs_bmap_util.h xfs: simplify xfs_iomap_eof_align_last_fsb 2019-11-03 10:22:30 -08:00
xfs_buf_item.c xfs: fix xfs_buf_ioerror_alert location reporting 2020-01-26 14:32:27 -08:00
xfs_buf_item.h xfs: check log iovec size to make sure it's plausibly a buffer log format 2020-01-16 08:07:24 -08:00
xfs_buf.c xfs: ratelimit xfs_buf_ioerror_alert messages 2020-03-02 20:55:51 -08:00
xfs_buf.h xfs: fix xfs_buf_ioerror_alert location reporting 2020-01-26 14:32:27 -08:00
xfs_dir2_readdir.c xfs: remove the mappedbno argument to xfs_da_read_buf 2019-11-22 08:17:10 -08:00
xfs_discard.c xfs: remove unnecessary null pointer checks from _read_agf callers 2020-01-26 14:32:27 -08:00
xfs_discard.h
xfs_dquot_item.c fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. 2019-08-26 12:06:22 -07:00
xfs_dquot_item.h xfs: remove the xfs_qoff_logitem_t typedef 2019-11-13 18:22:28 -08:00
xfs_dquot.c xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_dquot.h xfs: remove the xfs_dq_logitem_t typedef 2019-11-13 18:22:26 -08:00
xfs_error.c xfs: report corruption only as a regular error 2019-11-18 08:40:44 -08:00
xfs_error.h xfs: kill the XFS_WANT_CORRUPT_* macros 2019-11-12 17:19:02 -08:00
xfs_export.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_export.h
xfs_extent_busy.c xfs: cleanup use of the XFS_ALLOC_ flags 2019-11-03 10:22:31 -08:00
xfs_extent_busy.h
xfs_extfree_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_extfree_item.h xfs: merge xfs_efd_init into xfs_trans_get_efd 2019-06-28 19:27:35 -07:00
xfs_file.c xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read 2020-01-15 22:13:11 -08:00
xfs_filestream.c xfs: make xfs_*read_agf return EAGAIN to ALLOC_FLAG_TRYLOCK callers 2020-01-26 14:32:26 -08:00
xfs_filestream.h
xfs_fsmap.c xfs: add missing assert in xfs_fsmap_owner_from_rmap 2019-11-05 08:28:27 -08:00
xfs_fsmap.h
xfs_fsops.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_fsops.h
xfs_globals.c xfs: multithreaded iwalk implementation 2019-07-03 07:33:26 -07:00
xfs_health.c xfs: introduce new v5 bulkstat structure 2019-07-03 20:36:26 -07:00
xfs_icache.c xfs: ensure that the inode uid/gid match values match the icdinode ones 2020-03-02 20:55:50 -08:00
xfs_icache.h
xfs_icreate_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_icreate_item.h
xfs_inode_item.c xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_inode_item.h xfs: remove the xfs_log_item_t typedef 2019-06-28 19:27:33 -07:00
xfs_inode.c xfs: remove the icdinode di_uid/di_gid members 2020-03-02 20:55:50 -08:00
xfs_inode.h xfs: merge the projid fields in struct xfs_icdinode 2019-11-13 11:13:45 -08:00
xfs_ioctl32.c xfs: reject invalid flags combinations in XFS_IOC_ATTRMULTI_BY_HANDLE 2020-01-09 10:55:18 -08:00
xfs_ioctl32.h xfs: rename compat_time_t to old_time32_t 2020-01-06 08:57:36 -08:00
xfs_ioctl.c xfs: remove the icdinode di_uid/di_gid members 2020-03-02 20:55:50 -08:00
xfs_ioctl.h xfs: remove XFS_IOC_FSSETDM and XFS_IOC_FSSETDM_BY_HANDLE 2019-11-13 18:22:41 -08:00
xfs_iomap.c xfs: change return value of xfs_inode_need_cow to int 2020-01-20 14:34:47 -08:00
xfs_iomap.h xfs: simplify the xfs_iomap_write_direct calling 2019-11-03 10:22:30 -08:00
xfs_iops.c xfs: remove the icdinode di_uid/di_gid members 2020-03-02 20:55:50 -08:00
xfs_iops.h
xfs_itable.c xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_itable.h xfs: remove all *_ITER_ABORT values 2019-08-29 21:22:41 -07:00
xfs_iwalk.c xfs: kill the XFS_WANT_CORRUPT_* macros 2019-11-12 17:19:02 -08:00
xfs_iwalk.h xfs: remove all *_ITER_CONTINUE values 2019-08-30 22:43:56 -07:00
xfs_linux.h xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_log_cil.c xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_log_priv.h xfs: remove unused structure members & simple typedefs 2019-11-13 18:22:41 -08:00
xfs_log_recover.c xfs: fix xfs_buf_ioerror_alert location reporting 2020-01-26 14:32:27 -08:00
xfs_log.c xfs: fix iclog release error check race with shutdown 2020-03-02 20:55:50 -08:00
xfs_log.h fs: xfs: xfs_log: Change return type from int to void 2019-07-03 08:21:58 -07:00
xfs_message.c xfs: make the assertion message functions take a mount parameter 2019-11-05 08:28:27 -08:00
xfs_message.h xfs: make the assertion message functions take a mount parameter 2019-11-05 08:28:27 -08:00
xfs_mount.c xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_mount.h xfs: remove unused structure members & simple typedefs 2019-11-13 18:22:41 -08:00
xfs_mru_cache.c fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. 2019-08-26 12:06:22 -07:00
xfs_mru_cache.h
xfs_ondisk.h xfs: make struct xfs_buf_log_format have a consistent size 2020-01-16 08:07:23 -08:00
xfs_pnfs.c xfs: use super s_id instead of struct xfs_mount m_fsname 2019-11-05 08:28:25 -08:00
xfs_pnfs.h
xfs_pwork.c xfs: poll waiting for quotacheck 2019-07-03 08:21:58 -07:00
xfs_pwork.h xfs: poll waiting for quotacheck 2019-07-03 08:21:58 -07:00
xfs_qm_bhv.c xfs: remove the xfs_disk_dquot_t and xfs_dquot_t 2019-11-13 11:13:45 -08:00
xfs_qm_syscalls.c xfs: Replace function declaration by actual definition 2019-11-13 18:22:40 -08:00
xfs_qm.c xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_qm.h xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_quota.h xfs: remove the icdinode di_uid/di_gid members 2020-03-02 20:55:50 -08:00
xfs_quotaops.c xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_refcount_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_refcount_item.h xfs: merge xfs_cud_init into xfs_trans_get_cud 2019-06-28 19:27:35 -07:00
xfs_reflink.c xfs: remove unnecessary null pointer checks from _read_agf callers 2020-01-26 14:32:27 -08:00
xfs_reflink.h xfs: change return value of xfs_inode_need_cow to int 2020-01-20 14:34:47 -08:00
xfs_rmap_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_rmap_item.h xfs: merge xfs_rud_init into xfs_trans_get_rud 2019-06-28 19:27:36 -07:00
xfs_rtalloc.c xfs: make xfs_trans_get_buf return an error code 2020-01-26 14:32:26 -08:00
xfs_rtalloc.h
xfs_stats.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_stats.h
xfs_super.c Merge branch 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-02-08 13:26:41 -08:00
xfs_super.h xfs: include QUOTA, FATAL ASSERT build options in XFS_BUILD_OPTIONS 2019-10-21 09:04:57 -07:00
xfs_symlink.c xfs: remove the icdinode di_uid/di_gid members 2020-03-02 20:55:50 -08:00
xfs_symlink.h xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_sysctl.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_sysctl.h xfs: multithreaded iwalk implementation 2019-07-03 07:33:26 -07:00
xfs_sysfs.c xfs: avoid unused to_mp() function warning 2019-09-24 09:40:19 -07:00
xfs_sysfs.h
xfs_trace.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_trace.h Merge branch 'core/kprobes' into perf/core, to pick up a completed branch 2019-12-25 10:43:08 +01:00
xfs_trans_ail.c xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_trans_buf.c xfs: fix xfs_buf_ioerror_alert location reporting 2020-01-26 14:32:27 -08:00
xfs_trans_dquot.c xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_trans_priv.h xfs: don't use xfs_trans_free_items in the commit path 2019-06-28 19:27:31 -07:00
xfs_trans.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_trans.h xfs: make xfs_trans_get_buf return an error code 2020-01-26 14:32:26 -08:00
xfs_xattr.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs.h